package com.microsoft.onlineid.sts;

import android.content.Context;
import android.util.Base64;
import com.microsoft.identity.common.internal.broker.JoinedAccountRequest;
import com.microsoft.identity.common.internal.dto.AccessTokenRecord;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftIdToken;
import com.microsoft.ngc.provider.cryptography.NgcCredentialManager;
import com.microsoft.ngc.provider.exceptions.NgcCredentialException;
import com.microsoft.onlineid.ISecurityScope;
import com.microsoft.onlineid.SecurityScope;
import com.microsoft.onlineid.internal.Strings;
import java.security.InvalidKeyException;
import java.security.interfaces.RSAPublicKey;
import java.util.Locale;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
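/**
 * Builds signed, JWT-shaped NGC tokens for an account, using keys held by
 * {@link NgcCredentialManager}.
 *
 * <p>The token is {@code base64url(header) . base64url(payload) . base64url(signature)};
 * the signature is produced by {@link NgcCredentialManager#sign} over the first two
 * segments, keyed by the account's PUID.
 */
public class NgcHelper {
    /**
     * Base64 flags for every token segment: URL-safe alphabet, no line wrapping,
     * no padding (numeric value 11, as in the original listing).
     */
    private static final int JwtBase64Flags = Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING;
    public static final ISecurityScope KeyRegisterLoginProofTokenScope = new SecurityScope("http://Passport.NET/purpose", "PURPOSE_KEYREGISTER");
    private final NgcCredentialManager _credentialManager;

    public NgcHelper(Context context) {
        this._credentialManager = new NgcCredentialManager(context);
    }

    /**
     * Builds and signs a token bound to a server-issued nonce.
     *
     * @param str the request nonce, written to the {@code request_nonce} claim. Must be
     *     non-null: org.json drops a mapping whose value is {@code null}, so a null nonce
     *     would yield a signed token with no nonce claim at all.
     * @param authenticatorUserAccount the account whose PUID selects the key pair
     * @param str2 the key identifier written to the header under
     *     {@code AccessTokenRecord.SerializedNames.KID}; the same null caveat applies
     * @param z when {@code true}, the account's RSA public key is embedded as a JWK in a
     *     {@code cnf} claim
     * @return the three-segment token string
     * @throws NgcCredentialException if building the JSON fails (wraps the
     *     {@link JSONException}); may also come from the credential manager
     * @throws InvalidKeyException if {@code z} is set and the stored public key is missing
     *     or is not an RSA key; may also come from the credential manager
     */
    public String buildNgcToken(String str, AuthenticatorUserAccount authenticatorUserAccount, String str2, boolean z) throws NgcCredentialException, InvalidKeyException {
        String puid = authenticatorUserAccount.getPuid();
        try {
            JSONObject header = new JSONObject();
            header.put("typ", "JWT");
            header.put("alg", JoinedAccountRequest.ALG_VALUE_RS256);
            header.put(AccessTokenRecord.SerializedNames.KID, str2);

            JSONObject confirmation = new JSONObject();
            if (z) {
                // Check the key type before emitting a JWK that claims kty=RSA; a missing or
                // non-RSA key previously surfaced as an unchecked NPE/ClassCastException.
                Object storedKey = this._credentialManager.getPublicKey(puid);
                if (!(storedKey instanceof RSAPublicKey)) {
                    throw new InvalidKeyException("Stored public key is missing or is not an RSA key");
                }
                RSAPublicKey rsaKey = (RSAPublicKey) storedKey;

                JSONObject jwk = new JSONObject();
                jwk.put("kty", "RSA");
                // NOTE(review): BigInteger.toByteArray() is two's-complement and can prepend a
                // 0x00 sign byte, whereas RFC 7518 Base64urlUInt calls for the minimal unsigned
                // octets. Left as-is because the server's expectation is not visible here.
                jwk.put("n", encodeSegment(rsaKey.getModulus().toByteArray()));
                jwk.put("e", encodeSegment(rsaKey.getPublicExponent().toByteArray()));
                // NOTE(review): the JWK is labelled RSA-OAEP/enc while the token itself is
                // signed under the same PUID below — confirm against the protocol spec.
                jwk.put("alg", "RSA-OAEP");
                jwk.put("use", "enc");
                confirmation.put("jwk", jwk);
                // Sent as empty strings; presumably attestation fields — TODO confirm.
                confirmation.put("attk", "");
                confirmation.put("attb", "");
            }

            JSONObject payload = new JSONObject();
            payload.put(MicrosoftIdToken.AUDIENCE, "https://login." + ServerConfig.Domain);
            if (z) {
                payload.put("cnf", confirmation);
            }
            payload.put("request_nonce", str);

            String headerSegment = encodeSegment(header.toString().getBytes(Strings.Utf8Charset));
            // JSONObject.toString() escapes '/' as "\/"; the regex turns each escaped double
            // slash back into "//" before the payload is encoded and signed. A lone "\/" is
            // left untouched.
            String payloadJson = payload.toString().replaceAll("\\\\/\\\\/", "//");
            String payloadSegment = encodeSegment(payloadJson.getBytes(Strings.Utf8Charset));

            // The signature covers exactly "header.payload", as transmitted.
            String signingInput = headerSegment + "." + payloadSegment;
            byte[] signature = this._credentialManager.sign(signingInput.getBytes(Strings.Utf8Charset), puid);
            return signingInput + "." + encodeSegment(signature);
        } catch (JSONException e) {
            throw new NgcCredentialException(e);
        }
    }

    /** Encodes one token segment with the shared base64url flags. */
    private static String encodeSegment(byte[] bytes) {
        return Base64.encodeToString(bytes, JwtBase64Flags);
    }
}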
